Specifications

ManualsBrandsCabletron Systems ManualsNetwork CardE2100

201

202

203

204

205

206

207

208

209

210

Network Security

have serious consequences, in particular if the program is being executed

with special privileges (see Section C on page 199).

“Format string bugs” work in a slightly different way, but again it is the user

input which could lead the program astray. In most cases, these program-

ming errors are exploited with programs executed with special permissions

— setuid and setgid programs — which also means that you can protect your

data and your system from such bugs by removing the corresponding exe-

cution privileges from programs. Again, the best way is to apply a policy of

using the lowest possible privileges (see Section C on page 199).

Given that buffer overﬂows and format string bugs are bugs related to the

handling of user data, they are not only exploitable if access has been given

to a local account. Many of the bugs that have been reported can also be ex-

ploited over a network link. Accordingly, buffer overﬂows and format string

bugs should be classiﬁed as being relevant for both local and network secu-

rity.

Viruses

Contrary to what some people will tell you, there are viruses that run on

Linux. However, the viruses that are known were released by their authors

as “proof of concept”, meaning that they were written to prove that the tech-

nique works as intended. On the other hand, none of these viruses have been

spotted “in the wild” so far.

Viruses would not be able to survive and spread without a host on which

they can live. In our case, the host would be a program or an important stor-

age area of the system, such as the master boot record, which needs to be

writable for the program code of the virus. Owing to its multiuser capabil-

ity, Linux can restrict write access to certain ﬁles, which is the case especially

with system ﬁles. Therefore, if you did your normal work with root permis-

sions, you would increase the chance of the system being infected by a virus.

By contrast, if you follow the principle of using the lowest possible privileges

as mentioned above, chances of getting a virus are slim. Apart from that, you

should never rush into executing a program from some Internet site that you

do not really know. SuSE’s RPM packages carry a cryptographic signature as

a digital label that the necessary care was taken to build them. Viruses are

a typical sign that the administrator or the user lacks the required security

awareness, putting at risk even a system that should be highly secure by its

very design.

Viruses should not be confused with worms which belong to the world of

networks entirely. Worms do not need a host to spread.

201SuSE Linux – Firewall on CD2